feat(api): Create endpoint for fetching all revisions of a secret

[anudeeps352]

User description

Description

Create endpoint for fetching all revisions of a secret

GET /api/secret/:secretId/revisions/:environmentId 

Fixes #272

Dependencies

Mention any dependencies/packages used

Future Improvements

Mention any improvements to be done in future related to any file/feature

Mentions

Mention and tag the people

Screenshots of relevant screens

Add screenshots of relevant screens

Developer's checklist

• My PR follows the style guidelines of this project
• I have performed a self-check on my work

If changes are made in the code:

• I have followed the coding guidelines
• My changes in code generate no new warnings
• My changes are breaking another fix/feature of the project
• I have added test cases to show that my feature works
• I have added relevant screenshots in my PR
• There are no UI/UX issues

Documentation Update

• This PR requires an update to the documentation at docs.keyshade.xyz
• I have made the necessary updates to the documentation, or no documentation changes are required.

---

PR Type

Enhancement, Tests

---

Description

• Added a new endpoint GET /api/secret/:secretId/revisions/:environmentId to fetch all revisions of a secret.
• Implemented the getRevisionsOfSecret method in the SecretController class.
• Added getRevisionsOfSecret method to the SecretService class, including authority checks and retrieval logic.
• Added end-to-end tests for the new endpoint, covering multiple scenarios including fetching multiple revisions, no revisions, non-existent secret, non-existent environment, and unauthorized access.

---

Changes walkthrough 📝

	Relevant files
Enhancement	secret.controller.ts Add endpoint to fetch all revisions of a secret                    apps/api/src/secret/controller/secret.controller.ts Added a new endpoint GET /api/secret/:secretId/revisions/:environmentId to fetch all revisions of a secret. Implemented the getRevisionsOfSecret method in the SecretController class. +14/-0    secret.service.ts Implement service method to fetch secret revisions              apps/api/src/secret/service/secret.service.ts Added getRevisionsOfSecret method to the SecretService class. Implemented authority checks and retrieval of secret revisions. +29/-0
Tests	secret.e2e.spec.ts Add tests for fetching all revisions of a secret endpoint apps/api/src/secret/secret.e2e.spec.ts Added end-to-end tests for the new endpoint to fetch all revisions of a secret. Included tests for various scenarios: fetching multiple revisions, no revisions, non-existent secret, non-existent environment, and unauthorized access. +104/-0

---

💡 PR-Agent usage:
Comment /help on the PR to get a list of all available PR-Agent tools and their descriptions

[codiumai-pr-agent-free]

PR Reviewer Guide 🔍

⏱️ Estimated effort to review [1-5]	3
🧪 Relevant tests	Yes
🔒 Security concerns	No
⚡ Key issues to review	Possible Bug: Ensure that the getRevisionsOfSecret method in SecretService handles the case where the secret or environment does not exist before making database queries. This could prevent unnecessary database calls and improve error handling.
	Error Handling: Verify that the error messages returned are consistent and informative across different failure scenarios in the endpoint.

[codiumai-pr-agent-free]

PR Code Suggestions ✨

Category	Suggestion	Score
Possible issue	Add error handling to improve method robustness and error reporting Implement error handling for the getRevisionsOfSecret method to manage cases where the authority checks fail or the database operations throw an exception. This will improve the robustness of the method and provide clearer error messages to the client. apps/api/src/secret/service/secret.service.ts [499-511] -await this.authorityCheckerService.checkAuthorityOverSecret({ - userId: user.id, - entity: { id: secretId }, - authority: Authority.READ_SECRET, - prisma: this.prisma -}) -await this.authorityCheckerService.checkAuthorityOverEnvironment({ - userId: user.id, - entity: { id: environmentId }, - authority: Authority.READ_ENVIRONMENT, - prisma: this.prisma -}) +try { + await this.authorityCheckerService.checkAuthorityOverSecret({ + userId: user.id, + entity: { id: secretId }, + authority: Authority.READ_SECRET, + prisma: this.prisma + }) + await this.authorityCheckerService.checkAuthorityOverEnvironment({ + userId: user.id, + entity: { id: environmentId }, + authority: Authority.READ_ENVIRONMENT, + prisma: this.prisma + }) +} catch (error) { + throw new HttpException('Failed to verify authorities or fetch data', HttpStatus.INTERNAL_SERVER_ERROR); +} Apply this suggestion Suggestion importance[1-10]: 10 Why: Implementing error handling for authority checks and database operations enhances the robustness of the method and provides clearer error messages to the client, which is crucial for reliability and user experience.	10
Enhancement	Add parameter validation for secretId and environmentId to ensure they are well-formed UUIDs Consider validating the parameters secretId and environmentId to ensure they are not empty or malformed before proceeding with the database operations. This can help prevent unnecessary database queries and potential errors when invalid IDs are provided. apps/api/src/secret/controller/secret.controller.ts [110-111] -@Param('secretId') secretId: string, -@Param('environmentId') environmentId: string +@Param('secretId', ParseUUIDPipe) secretId: string, +@Param('environmentId', ParseUUIDPipe) environmentId: string Apply this suggestion Suggestion importance[1-10]: 9 Why: Adding validation for secretId and environmentId ensures that only well-formed UUIDs are processed, preventing unnecessary database queries and potential errors. This is a significant improvement for robustness and security.	9
Performance	Suggest adding a database index on secretId and environmentId to improve query performance To optimize the database query when fetching secret revisions, consider including an index on the secretId and environmentId fields in the secretVersion table. This can significantly improve the performance of the query, especially when dealing with a large number of records. apps/api/src/secret/service/secret.service.ts [514-517] +const revisions = await this.prisma.secretVersion.findMany({ + where: { + secretId: secretId, + environmentId: environmentId + } +}) - Apply this suggestion Suggestion importance[1-10]: 8 Why: Adding an index on secretId and environmentId can significantly improve the performance of database queries, especially with large datasets. This is a valuable optimization for performance.	8
Security	Implement a middleware to check API key authorities to centralize security checks To ensure that the API key provided has the necessary authorities, consider implementing a middleware that checks the API key before reaching the controller method. This can help centralize security checks and reduce redundancy across different endpoints. apps/api/src/secret/controller/secret.controller.ts [106-111] -@RequiredApiKeyAuthorities(Authority.READ_SECRET) +@UseGuards(ApiKeyAuthGuard) async getRevisionsOfSecret( @CurrentUser() user: User, @Param('secretId') secretId: string, @Param('environmentId') environmentId: string ) Apply this suggestion Suggestion importance[1-10]: 7 Why: Using a middleware to check API key authorities can centralize security checks and reduce redundancy, improving maintainability. However, the current decorator approach is also valid, so this is more of a structural improvement.	7

[anudeeps352]

Hey btw since this pr won't be considered in foss hack,can this be merged ??

[rajdip-b]

I'm totally fine if you are!

[rajdip-b]

The code looks good. Just fix the tests and we can merge it.

[anudeeps352]

Hey I think this one would work fine

[rajdip-b]

Looks so clean! LGTM.